The Weekly HELO — April 11, 2011

Posted by Melinda PlemelApril 11, 2011

This week: Granny’s shovel, American-style privacy in France, European-style privacy in America, and Zeus and taxes.

Welcome to the tenth edition of The Weekly HELO! Each week, Melinda Plemel synopsizes some of the most interesting current happenings in email technology and messaging abuse.

Granny for Hire

So if you want to take down the internet, don’t hire a hacker — hire a granny. Leave it to a little old lady to take down the internet for an entire nation or two. “A 75-year-old Georgian woman who went digging for copper, sliced through an underground cable and cut off 90% of the internet services to Armenia. Azerbaijan’s services were also disrupted. Affected internet surfers were offline for about five hours.”

I find this extremely funny, but in all seriousness: WOW! We have become so dependent on the internet, the thought of it actually going down has certainly become a thing of dystopian science fiction. But the reality is, it actually shut down some major business: financial institutions were unable to make transactions, news corporations were missing major events that were taking place, facebook users were unable to update their status, and tweeters couldn’t tell everyone what they had for lunch. The really sad part is that someone who has very little is out trying to find something to sell in order to survive, and now “She faces up to three years in prison if charged and convicted.”

The other fascinating part is most of these cables are only buried between 30-42 inches down. My dogs dig holes deeper than that. A hard rain can wash away that amount of earth pretty easily. Maybe that should also be considered going forward: making the actual cable that provides the access a bit more secure?

It’s Because They Care

More than 20 internet giants are planning on filing suit against France’s highest judicial body to stop a decree obliging them to keep web users’ personal data for a year. The two leading the charge are Facebook and Google, both of whom have faced privacy criticism many times and are now standing up for their users. “The decree, published at the start of March, obliges e-commerce sites as well as video-music sites and online email services to keep a battery of data on their customers. These include users’ full names, associated postal address, pseudonyms, associated email addresses, telephone number, passwords and data used to check or modify them.”

I really don’t like the idea that anyone can maintain my personal data for any period of time. We’ve seen in recent weeks how damaging it is to companies if their data has been hacked — for their customers, the damage can go on for years. The decree seems like an open challenge to hackers, knowing that personal data is out there, just in case the French government needs to access it for, well, anything they want.

The Wave of Privacy

European privacy law has come to America via an FTC order last week. In 2010 Google Inc. was charged by the Federal Trade Commission that Google used deceptive tactics and violated its’ own privacy promise to consumers when it launched its social network, Google Buzz. The result, and what makes this interesting, “is that for Internet companies operating globally, including in Europe — and that means almost all the major companies — the FTC has established the precedent of applying European Union principles on privacy via the U.S.-EU Safe Harbor Framework. “ Europe has some of the toughest privacy laws, so what does this now mean for companies operating globally — in other words, companies operating on the internet?

Organizations in Europe are already used to the seven Safe Harbor Privacy Principles:

• Notice – Organizations must notify individuals about the purposes for which they collect and use information about them.

• Choice – Organizations must give individuals the opportunity to choose (opt out) whether their personal information will be disclosed to a third party or used for a purpose incompatible with the purpose for which it was originally collected or subsequently authorized by the individual.

• Onward Transfer (Transfers to Third Parties) – To disclose information to a third party, organizations must apply the notice and choice principles.

• Access – Individuals must have access to personal information about them that an organization holds and be able to correct, amend, or delete that information where it is inaccurate, except where the burden or expense of providing access would be disproportionate to the risks to the individual’s privacy in the case in question, or where the rights of persons other than the individual would be violated.

• Data integrity – Personal information must be relevant for the purposes for which it is to be used. An organization should take reasonable steps to ensure that data is reliable for its intended use, accurate, complete, and current.

Of course only companies that have customers in (or send email to) the EU need to comply, but this might be incentive for US law makers to make this a standard, updating our own privacy laws.

That Time of Year

Tax day is just around the corner. Hopefully most of you have finished and have received a nice refund check; if you haven’t, then you must have to pay. So for those that are still needing to file, keep in mind that this is also the time you start to see more tax scams claiming to find you the biggest refund.

Tax season is stressful for many people, and the phishers know that and are ready to pry on the fear of not filing correctly, or losing out on money that you should get back. The tactic is often simply an email that contains a virus when you click the link to get more information, commonly good old Zeus. “It hooks into your browser and when you go to your bank for online banking, it provides the hacker with that [banking] information.” Seriously, ask a friend, your bank or call direct, but never, never just click a link from some random email. The IRS won’t send an email, they will send an agent.

About Melinda Plemel

Melinda has been working at Return Path for 9 years and is currently the Senior Industry Advocate and is responsible for managing global partners that join Return Path's Data Exchange program and emerging markets. She is the key to helping and educating Return Path on mailbox providers, anti-spam, and email technology trends, as well as to educating receivers about everything Return Path has to offer.